I have upgraded Cisco ACS from 4.1 to 4.2. I have a Cisco Access Control 1113 appliance. As soon as I upgraded, I started getting an error in the failed logs: "Authen session timed out: Challenge not provided by client". What is wrong with this?

I have 2 ACS 5.2 (VMware) in my network configured as primary and secondary. When my AAA clients are configured for the primary ACS, authentication works fine. But the clients configured with the secondary fail authenticating. The replication status of the secondary box is showing UPDATED.

My IT Department has recently installed Kaspersky Endpoint Security 8 on our laptops. Through a conversation with my IT guy I found that they can literally see what we are installing/uninstalling, surfing etc on our machines. When I am at home I am connected to my own private wireless network with my work laptop and I RDP to my home computer to surf/download files etc to my home machine. My question is, can my IT department track what I am installing/surfing on my home PC that I am connected to RDP? I was thinking of putting my RDP on the outside so I can connect to my home network and surf securely without my IT department keeping tabs on my history.

IPSEC VPN users are using ACS for extended authentication. Whenever authentication is made, entries are available on ACS. Now I need the session duration info on ACS, meaning the total time during which the user was active should be available.

I have enabled accounting globally on the ASA firewall through aaa accounting enable console ACS and also enabled accounting in the tunnel-group itself, which the user is using.

On ACS 5.1, I could not find any option / tab that can give some information on the session duration.

I have a strange issue with clients connected to a WiFi network. I have configured an AP in FlexConnect mode and 2 SSIDs. After a reboot of the AP the network is stable for almost 45 mins. Then each client will go up and down, mostly with a delay of 5 mins.

What could be the source of this? The clients are Windows CE handhelds with fixed IP addresses. I have already configured persistent client and have played around with ARP timers as well. A Windows desktop or an iPad has fewer connectivity issues, but even they experience packet loss once every several minutes.

Session timer is turned off

The iPad, for example, can play music, but every 5 mins you hear a little hiccup and 2 subsecond pings are lost.

We're having trouble trying to deploy 802.1x authentication on a brand new site. Our primary and secondary ACS are located in Paris and the new site is located in Toulouse, France. Both sites are connected through the WAN. Every time a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.

Our company has installed ACS Version: 5.1.0.44.6 Internal Build ID: B.2347 with patches: 5-1-0-44-5, 5-1-0-44-6. The security policy of our company includes a password change every 3 months. Our programmers had written a script that allows us to do it. Testing revealed that the script does not work. This is due to the fact that it is not possible to enter the mode "acs-config". In determining the reasons, it was found that there is a limit on sessions (6 sessions) for entering this mode. When the number of connections becomes larger than 6, the script does not work. The documentation says that the timeout for inactive sessions is set with terminal session-timeout. In this case, it is terminal session-timeout 30. But after 30 minutes the session remains active. It interferes with our script.

We have Cisco ACS 4.2 in our network and the accounting is done for 750-1000 devices and only for level priv-15. If I want to enable accounting for all levels from priv-1 to 15, all commands executed in devices are sent to ACS. Can the ACS handle that many sessions from that many devices? I am also planning to configure the ACS remote agent to store all the accounting history.

Is it possible to upgrade the CSACS-1121-UP-K9 to be a non-upgrade part? We were going to upgrade from a Windows 4.x to the above appliance (version 5.x), but there is now a reason to keep the old Windows version running, therefore we cannot give the new appliance the old ACS's licenses?! So we should have (with hindsight) bought a fresh version of the ACS 5.x rather than an upgrade.

We have a bandwidth pipe terminating on an 1841 BVI interface. Now we want to limit all the traffic going from inside to the WAN circuit to half; for example, a 10 Mb pipe we want to reduce to 5 Mb on the BVI interface. How can this be done? As of now there is no need to police any specific type of traffic; this needs to be done for any traffic from inside to outside.

I recently moved into a new apartment complex where Internet is included with the rent, meaning that I do not have a personal Internet connection. Instead, the apartment company has a general connection along with a router on each floor of the complex. They then wire out from that connection to an ethernet port in each apartment. Because of that, calling the Internet company doesn't work because they can only tell me that the router on my floor is getting an Internet connection (and unfortunately my apartment is too far away from that router to have signal strength to use it for wireless). Most tenants plug their personal routers into the ethernet ports and use them for wireless connection within their apartments.

When I try to plug my router in, I cannot connect. I get an error message saying that there is no Internet connection. When I plug my Mac directly into the ethernet port, I still get no Internet connection. I've even tried plugging my netbook (PC) in, and get nothing. I have tried network diagnostics, I have used multiple ethernet cables, nothing. The previous tenant apparently plugged her router into the same ethernet jack I am using and had no problems. She has been gone for a few months, and now I cannot connect.

I have noticed that the error "unable to process response from x.x.x.x" when using AnyConnect is very common and that the actions to handle it are different. Right now I have the same issue. Let's name it "the message" =)

We are running: ASA 8.2(2), AnyConnect 2.5.1025

In my scenario, we used to be able to connect to the ASA using AnyConnect but suddenly it stopped working, showing "the message" =) We did this procedure, but it did not work for us

[URL]...

My first question would be: How can I obtain more information so I can get a better idea of how to handle "the message"?

The next step I am about to do is upgrade the AnyConnect client to 2.5.2019. According to the release notes, this version is supported with ASA 8.2(22)

I also noticed that the AnyConnect client can be installed with a component named Cisco Diagnostic and Reporting Tool (DART). Could this tool be useful to troubleshoot "the message"? What kind of information can DART give us? Where can I find the files it captures?

The bootloader used by the device is U-Boot, which is also licensed under the terms of the GPL. Sadly these parts are missing from the source code package provided by D-Link. Therefore I am asking you to add the U-Boot sources to the provided archive or post them here in the forum.

We are leasing an office space from a building that has its own network center. This center can be used by each office/company to either house their own networking solutions or utilize their internet access if you plan only to use cloud servers or NAS servers. Our company (4 employees) is using this network center only for internet access with all of our data stored and accessed in our cloud service. We would like to access the internet wirelessly, which the building does not provide. We were given one port and shared the link through the use of a switch. So my question is: would an access point add wireless connectivity without any information (ISP?) provided by the network center? I am not sure yet if we will be purchasing a router/AP or a device made to be used as an AP.

We currently get our internet through a small company that only uses a static IP and I cannot get our WRT160N router installed so I can manually set up our internet connection. Is there any way to install the router without using the CD provided? I keep getting the error code 322 during installation.

I have a standard home network consisting of internet access provided by my cable company which is then disseminated to a variety of wired and wireless devices via a router.

I would like to create a second wireless network that is separate from my current one. This new wireless network would have extra access controls including access restrictions to some web sites using both IP address restrictions and using the OpenDNS DNS servers.

The picture below illustrates the current configuration. The question is: how can I connect ROUTER B to the internet using my current equipment (without buying another IP address from the cable company)?

Wireless clients, dot1x EAP PEAP, posture required. Clients should download the NAC agent through redirection. The access list is correctly applied on the WLC. The challenge is, it works for HTTP traffic, but doesn't work for HTTPS traffic or if the browser is using a proxy (port 3128, 8080 etc).

I want to upgrade the Cisco ACS version from 4.0 to 4.1.1.24 running in a VM environment with primary and secondary servers. I have tried to find documents related to this upgrade.

My target is:

4.0====4.1.1.24====5.3

Secondly, I wanted to know whether this upgrade is possible for VMs or not, and whether this upgrade (4.0 to 4.1.1.24) is possible on a demo license, because I have ordered L-CSACS-53VMUP-K9 and CON-SAS-CSACS3V from Cisco.

I am using a Cisco 1812 as an EZVPN server. I want to use Active Directory for VPN user authentication. I have been trying for a couple of days but with no success. With ASA, I am able to authenticate against AD, but not with the IOS router. Below are my configurations. If Kerberos authentication is not possible, I would like to know the possibility of using AD as an ACS external database. I am running both AD and ACS on the same server. If I can integrate AD with ACS, I can use TACACS or RADIUS for the authentication.

I have a CS-ACS appliance with version 5.2.0.0.26.3. There is no direct solution for connecting an LDAP client to the server. I have 3 servers that have only LDAP, and for authentication I cannot use RADIUS or TACACS+. I need a solution for this problem. How can an LDAP client connect to ACS when it has only the LDAP protocol?